bug#6789: MD5 is broken

[Pádraig Brady]

On 09/08/10 07:28, Paul Eggert wrote:
> On 08/08/10 06:26, Bruno Haible wrote:
>> Here is a proposed patch to make this clearer.
> 
> I like this patch, except I have qualms about
> putting a Wikipedia URL in the documentation, as
> Wikipedia is not that stable.  Perhaps
> <http://www.kb.cert.org/vuls/id/836068> would
> be a better URL.  Also, the --help output shouldn't
> point to Wikipedia (or to CERT, for that matter);
> it should at most refer to the coreutils manual.
> 
> Jim and/or Pádraig may have better advice here.

We don't need to hand hold people interested
in the details of MD5 weaknesses. They'll be well
able to find the pertinent info. Therefore in the
amended patch below I've just removed the URL.
I also removed the addition to --help
(and consequently the man page), as I think it's overkill.
If we were to add something to --help it should
probably be also done for sha1sum, but the amended
texinfo is enough I think.

cheers,
Pádraig.

commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
Author: Bruno Haible <address@hidden>
Date:   Tue Aug 10 01:56:36 2010 +0100

    doc: improve the info on md5sum security weaknesses

    * doc/coreutils.texi (md5sum invocation): Mention currently known
    security problems. Don't recommend SHA-1 as alternative.
    Reported by Simon Josefsson

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 942978f..e0e308b 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -3414,14 +3414,12 @@ options}.
 Note: The MD5 digest is more reliable than a simple CRC (provided by
 the @command{cksum} command) for detecting accidental file corruption,
 as the chances of accidentally having two files with identical MD5
-are vanishingly small.  However, it should not be considered truly
-secure against malicious tampering: although finding a file with a
-given MD5 fingerprint, or modifying a file so as to retain its MD5 are
-considered infeasible at the moment, it is known how to produce
-different files with identical MD5 (a ``collision''), something which
-can be a security issue in certain contexts.  For more secure hashes,
-consider using SHA-1 or SHA-2.  @xref{sha1sum invocation}, and
address@hidden utilities}.
+are vanishingly small.  However, it should not be considered secure
+against malicious tampering: although finding a file with a given MD5
+fingerprint is considered infeasible at the moment, it is known how
+to modify certain files, including digital certificates, so that they
+appear valid when signed with an MD5 digest.
+For more secure hashes, consider using SHA-2.  @xref{sha2 utilities}.

 If a @var{file} is specified as @samp{-} or if no files are given
 @command{md5sum} computes the checksum for the standard input.